Solved: GRC 10 SP13:NO ROLE owner standard detour path iss...

Former Member · ‎2017 May 17

Dear All,

Am using GRC 10 SP13,

I have configured single stage path i.e(New Path with Sec,Manager and ROLE_OWNER stage). Workflow will be Sec→Manager→Role Owner.

Enabled the routing rule i.e. GRAC_MSMP_DETOUR_NOROLE_OWNER in manager stage

Routing Level is Line item level

Created one more path with no stage in maintain path.

Mapped NO ROLE OWNER detour path between main and detour path at step 6 in MSMP.

My MSMP is working fine if i raise a request with a role where Role owner.

but it is failing to reach to No Role owner detour path in case of role owner missing in the request. After Manager approval, The request doesn't go to role owner for approval. Note No error occured. but can't able to proceed the request. Can any one please help me to configure.

Thanks & Regards,

Mohamed Fazil.

alessandr0 · ‎2017 May 23

Mohamed,

configuration looks ok as far as I can tell. Please share the MSMP debug log of the request so that we can see what is the issue.

Regards,

Alessandro

Former Member · ‎2017 May 17

please share the screen shot from audit in access request and route mapping from MSMP

alessandr0 · ‎2017 May 24

Hi Mohammed,

great that it solved your problem. I always activate the MSMP debug log just in case something goes wrong. You can easily deactivate by just unticking the "Debug on" checkbox.

If you have roles that you don't want users to have for provisioning, you have a couple of options. Either remove the "Provisioning allowed" flag in BRM (Role Maintenance > Open the Role and go to Additional Settings), or by restricting the authorization to roles. Restricting roles for provisioning use auth object GRAC_ROLEP.

Hope that helps again.

Regards,

Alessandro

Former Member · ‎2017 May 24

Hi Alessandro,

I have just enabled,
MSMP debug log in GRFNMW_DEBUG and MSMP Debug Log Messages(GRFNMW_DEBUG_MSG).
And i have created a test request,

Request has been successfully completed.

1624069 - GRC 10.0 Enabling Debug Logging for MSMP

We strongly recommend customer should enable this log only in exceptional situations and disable the log once the problem is resolved.

Which means just uncheck the debug on and file log option?

Or we need to remove SAP_GRAC_ACCESS_REQUEST entries from the list.

And please let me know,

Debug Log Messages(GRFNMW_DEBUG_MSG) should be removed or leave as it like above screen?

Additionally i have another question, I should allow the users to use only one default role(eg: Z_enduser) without having role owner in access request. there are some other roles which doesn' have role owners,how to restrict those roles.

Looking for your response.

Thanks & Regards,

Mohamed Fazil.

Former Member · ‎2017 May 24

Hi Alessandro

Error remains in MSMP debug log.

Please check.

Thanks & Regards,

Mohamed Fazil.

Former Member · ‎2017 May 18

Hi Venkat,

Thanks for your response.

Please find the attachment of audit log and route mapping from MSMP.

GRC 10 SP13:NO ROLE owner standard detour path issue

Know the answer?

Need more details?

Accepted Solutions (1)

Accepted Solutions (1)

Answers (5)

Answers (5)